Imperva 2021 Report: DDoS Trends and Application-Level Threats
The Imperva DDoS attack report for Q1 2022 reveals how global events have reshaped the cyber threat landscape, with a sharp rise in distributed denial of service (DDoS) activity. Based on real-world data collected from Imperva’s global network of 50 DDoS-resilient Points of Presence and over 9 Tbps of mitigation capacity, this quarterly report captures key trends from the first three months of the year.
The conflict in Ukraine had a noticeable impact, with March seeing the highest DDoS activity. Attacks on Ukrainian and Russian websites rose by 320% between January and February. The report highlights a 73% increase in Layer 7 (application layer) DDoS attack volume, showing how cyberattacks have become part of modern warfare strategies.
Imperva also identified new attack techniques, including TCP Middlebox Amplification and UDP TP240 PhoneHome, which threat actors used to magnify the scale of their assaults. These methods were detected across multiple customers and contributed to rising attack volumes.
One of the most notable incidents was a Layer 7 attack in February that reached 2.5 million requests per second (Mrps) on a single site—the largest application DDoS attack Imperva has mitigated to date.
The Imperva DDoS attack report also found that nearly 80% of attacks in Q1 were single-vector, defying the recent trend of complex, multi-vector threats. More than 60% of attacks lasted under seven minutes, proving that short bursts can still overwhelm unprepared networks.
As cyberwarfare and geopolitical risks evolve, this quarterly report helps security teams stay informed and ready.